Cryptographically Secure Information Flow Control on Key-Value Stores

Paper i proceeding, 2017

We present Clio, an information flow control (IFC) system thattransparently incorporates cryptography to enforce confidentialityand integrity policies on untrusted storage. Clio insulates develop-ers from explicitly manipulating keys and cryptographic primitivesby leveraging the policy language of the IFC system to automatically use the appropriate keys and correct cryptographic operations.We prove that Clio is secure with a novel proof technique that isbased on a proof style from cryptography together with standardprogramming languages results. We present a prototype Clio implementation and a case study that demonstrates Clio’s practicality.